RAN openness and intelligence for 5G/6G security
The architecture of the 5G network both at the current stage (non-standalone architecture – NSA) and ultimately implemented (stand-alone architecture – SA) will be almost entirely virtualized and based on software functionalities. As a result, it is and will be vulnerable to being used, attacked, and disrupted by hackers. When it comes to the security of 5G networks, most of the attention of researchers, engineers, and practitioners are focused on cybersecurity, although attacks on the software itself are not the only problem. This blog post discusses RAN-related aspects for 5G/6G security including architecture-related risks, cybersecurity best practices, MEC, and O-RAN security opportunities.
Architecture-related risks for 5G/6G security
The 5G (and prospective 6G) architecture components and related risks are the following:
- Service-Based Architecture (SBA), decomposed, virtualized, and distributed network functions. The independence of network functions from infrastructure poses challenges for network security.
- Application Programming Interfaces (API). Poorly encrypted, badly secured APIs put network resources at risk of attack.
- Private and corporate 5G networks. Such networks, if not properly protected, can be a source of attacks for the network segments, to which they are connected.
- Multi-Access Edge Computing (MEC) . In a decentralized approach to information processing, such as edge computing, security management becomes difficult as significant parts of the network can be attacked from anywhere at any time.
- Radio Access Network (RAN) and Open-RAN. The radio segment of the mobile communication network is inherently exposed to attacks related to the omnipresent transmission medium. The open specification of the radio interface (O-RAN) introduced in the 5G network [2,3] poses a challenge to their security. Inadequately defined and poorly secured ORAN applications, e.g. in the physical or MAC layer, may be vulnerable to these attacks.
The first three 5G architecture-related security issues seem to be similar to general software architecture and applications security problems. The last two strictly address RAN and its novel features including its openness and intelligence. So far identified attacks on RAN are the following: jamming, Denial of Service (DoS) and Distributed DoS (DDoS), signaling storm, eavesdropping, and traffic analysis, Man in the Middle (MITM), roaming security attacks, and attacks on Artificial Intelligence (AI) or Machine Learning (ML) algorithms (a consequence of the ML-as-a-Service paradigm for 5G/6G networks). They are well described in the literature and more and more efficient countermeasures are also developed (e.g., see ).
The best practices of network organization in terms of cybersecurity include the following :
- Zero trust, i.e., continuous authentication and authorization of users, nodes, connections, and interactions before granting access. Zero trust security models assume that an attacker can be present in an internal as well as external environment and that an operator-owned environment is no different and no more trustworthy than any other environment. Its principle is: “never trust, always verify” .
- Continuous and rigorous security practices and security tests for software, hardware, and user equipment.
- Continuous monitoring of assets security logs and anomalous behavior or communication patterns to assess and reveal potential risk.
- Segmentation, i.e., creation of logical groups of assets to restrict communication flows between them, e.g., through network firewalls.
- Threat protection, i.e., implementation of defensive security strategies, vulnerability management, denial-of-service defense, intrusion detection and prevention, and anti-malware systems.
- Data protection and privacy.
It is particularly interesting that mentioned openness and intelligence of future RANs create both opportunities and challenges at the same time.
MEC security opportunities
On one hand, MEC and MEC-residing algorithms have to face security attacks, such as data poisoning, evasion attacks, or ML model stealing, on the other, edge intelligence allows for learning and detecting abnormal behavior of the attackers and counteracting adequately. The purpose of defense against ML attacks is to improve the resistance of ML techniques to adversary attacks by assessing their vulnerability and applying appropriate defense measures. Defense against poisoning attacks includes input data validation and corrupted data learning. Defense against evasion attacks includes adversarial training, defensive distillation, ensemble methods, defensive generative competing networks, and techniques to counteract model detuning. Defense against attacks related to the theft of the ML model and API-related ML algorithms used in the 5G network includes learning with differential privacy to prevent disclosure of training data by making the model prediction independent of a single input, the use of homomorphic encryption which enables model training on encrypted data, and limitation of sensitive (and particularly important) information available through the API of the ML algorithm [Ben20].
O-RAN security opportunities
In terms of detection and response to attacks, O-RAN architecture also creates security opportunities (and not just security issues, as usually considered). As indicated in the White Paper by O-RAN Alliance Security Focus Group (SFG) : “O-RAN Alliance recognizes that the attack surface of RAN systems is expanded due to open and cloud-based architectures, but the transparency of new open interfaces will increase scrutiny and monitoring of vulnerabilities and failures. Openness also brings more competition to the telecommunication industry because the implementation of security solutions will not be bound to products of just one vendor but will be usable with equipment from any O-RAN compliant vendor.” O-RAN Alliance’s SFG is using a risk-based approach compliant with the ISO 27005  methodology using a Zero Trust Architecture, defined by the National Institute of Standards and Technology . The authors of  claim that by “…following all the security standards and specifications from SFG and 3GPP, and adopting a zero-trust approach and an end-to-end security governance over the implementation, makes O-RAN systems as secure, or even more secure, as traditional proprietary RAN systems.”
Moreover, O-RAN architecture allows for running the specialized programming modules/applications (xApps) in near-real-time RAN Intelligent Controller (RIC), which can be developed to continuously monitor and analyze security threats and protect RAN from malicious and illegal access to network segments. It makes it possible to detect threats much faster before they affect the operation of the entire network. Importantly, xApps can be developed for specific types of threats in a given network. Due to the distributed architecture of the 5G/6G network and the use of MEC modules, threats can be detected closer to the place of their occurrence, which reduces the delay and the volume of control data.
Rimedo Labs & 5G Security
Rimedo Labs participates in the 5gSTAR project on “Advanced methods and techniques for identification and counteracting cyber-attacks on 5G access network and applications”. The project is funded within the 4th CyberSecIdent program – Cybersecurity and e-Identity by the Polish National Centre for Research and Development (NCBIR) from 2021 to 2024. We believe that the openness and intelligence of RAN create opportunities for the secure operation of future networks.
You can find more details about the 5gSTAR project and our work in the 5G/6G security area in this blog post: Rimedo Labs joins 5gSTAR, a 5G cybersecurity project
 ETSI, „GS MEC 003 V2.2.1: Multi-access Edge Computing (MEC): Framework and Reference Architecture,” Group Specification, ETSI, 12.2020.
 M. Dryjański, Ł. Kułacz, A. Kliks, “Toward Modular and Flexible Open RAN Implementations in 6G Networks: Traffic Steering Use Case and O-RAN xApps”. Sensors. 2021; 21(24):8173. https://doi.org/10.3390/s21248173
 M. Dryjanski, R. Lundberg, “The O-RAN Whitepaper; Overview, Architecture, and Traffic Steering Use Case”, 2021, https://rimedolabs.com/blog/the-o-ran-whitepaper/
 J. Cao et al., „A Survey on Security Aspects for 3GPP 5G Networks,” in IEEE Communications Surveys & Tutorials, vol. 22, no. 1, pp. 170-195, Firstquarter 2020
 “Open RAN Security White Paper, Under the Open RAN MoU”, by Deutsche Telekom, Orange, Telefónica, TIM, and Vodafone, https://static1.squarespace.com/static/5ad774cce74940d7115044b0/t/623adef88d4ea05aae841f40/1648025338041/Open+RAN+MoU+Security+White+Paper+-+FV.pdf
 ISO 27005: https://www.iso.org/standard/75281.html
 Rose, S., Borchert, O., Mitchell, S., and Connelly, S., NIST SP 800-207: “Zero-Trust Architecture”, U.S. NIST, August 2020, https://csrc.nist.gov/publications/detail/sp/800-207/final.
Many thanks to the colleagues from Rimedo Labs working on 5gSTAR project: Paweł Kryszkiewicz, Bartosz Bossy, Marcin Hoffmann and Bartosz Kopras.
Prof.Hanna Bogucka received her Ph.D. in 1995 and doctor habilitated in 2006 at the Poznan University of Technology and the title of professor of technical sciences in 2014. Currently, she is the Director of the Institute of Radiocommunications. Prof. Hanna Bogucka has been the executive editor of the journal „Transactions on Emerging Telecommunications Technologies” (publishing house Wiley), and the Editorial Advisory Board member of „Recent Advances in Communications and Networking Technology”. Prof. Hanna Bogucka took the position of the Director of the IEEE Communications Society in the EMEA region and the Chair of the IEEE Radio Communications Committee. Prof. Hanna Bogucka is a correspondent member of the Polish Academy of Sciences. Currently, she serves as a Board Member at RIMEDO Labs.
You can reach prof. Bogucka at: firstname.lastname@example.org